• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.37 no.2
• /
• pp.77-84
• /
• 2014

The purpose of this research is to identify and develop technology protection plans for small and medium-sized enterprises (SMEs) by analyzing past technology leakage patterns which were experienced by SMEs. We identified factors which affect the technology leakage, and analyzed patterns of the influences using a data mining algorithms. A decision tree analysis showed several significant factors which lead to technology leakage, so we conclude that preemptive actions must be put in place for prevention. We expect that this research will contribute to determining the priority of activities necessary to prevent technology leakage accidents in Korean SMEs. We expect that this research will help SMEs to determine the priority of preemptive actions necessary to prevent technology leakage accidents within their respective companies.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.11
• /
• pp.4662-4679
• /
• 2015

Currently, the leakage of internal information has emerged as one of the most significant security concerns in enterprise computing environments. Especially, damage due to internal information leakage by insiders is more serious than that by outsiders because insiders have considerable knowledge of the system's identification and password (ID&P/W), the security system, and the main location of sensitive data. Therefore, many security companies are developing internal data leakage prevention techniques such as data leakage protection (DLP), digital right management (DRM), and system access control, etc. However, these techniques cannot effectively block the leakage of internal information by insiders who have a legitimate access authorization. The security system does not easily detect cases which a legitimate insider changes, deletes, and leaks data stored on the server. Therefore, we focused on the insider as the detection target to address this security weakness. In other words, we switched the detection target from objects (internal information) to subjects (insiders). We concentrated on biometrics signals change when an insider conducts abnormal behavior. When insiders attempt to leak internal information, they appear to display abnormal emotional conditions due to tension, agitation, and anxiety, etc. These conditions can be detected by the changes of biometrics signals such as pulse, temperature, and skin conductivity, etc. We carried out experiments in two ways in order to verify the effectiveness of the emotional recognition technology based on biometrics signals. We analyzed the possibility of internal information leakage detection using an emotional recognition technology based on biometrics signals through experiments.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.4
• /
• pp.2276-2291
• /
• 2017

Data protection of removable storage devices is an important issue in information security. Unfortunately, most existing data protection mechanisms are aimed at protecting computer platform which is not suitable for ultra-low-power devices. To protect the flash disk appropriately and efficiently, we propose a trust based USB flash disk, named UTrustDisk. The data protection technologies in UTrustDisk include data authentication protocol, data confidentiality protection and data leakage prevention. Usually, the data integrity protection scheme is the bottleneck in the whole system and we accelerate it by WH universal hash function and speculative caching. The speculative caching will cache the potential hot chunks for reducing the memory bandwidth pollution. We adopt the symmetric encryption algorithm to protect data confidentiality. Before mounting the UTrustDisk, we will run a trusted virtual domain based lightweight virtual machine for preventing information leakage. Besides, we prove formally that UTrustDisk can prevent sensitive data from leaking out. Experimental results show that our scheme's average writing throughput is 44.8% higher than that of NH scheme, and 316% higher than that of SHA-1 scheme. And the success rate of speculative caching mechanism is up to 94.5% since the access pattern is usually sequential.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.49 no.7
• /
• pp.71-79
• /
• 2012

As advances in computer technology, dissemination of smartphones and tablet PCs has increased and digital media has become easily accessible. The performance of computer hardware is improved and the form of hardware is changed, but basically the change in mechanism was not occurred. Typically, the data used in the program is resident in memory during the operation because of the operating system efficiency. So, these data in memory is accessible through the memory dumps or real-time memory analysis. The user's personal information or confidential data may be leaked by exploiting data; thus, the countermeasures should be provided. In this paper, we proposed the method that minimizes user's data leakage through finding the physical memory address of the process using virtual memory address, and initializing memory data of the process.

• Convergence Security Journal
• /
• v.18 no.5_2
• /
• pp.21-27
• /
• 2018

Most of the Internet users in Korea are issued certificates and use them for various tasks. For this reason, it is recommended that accredited certification authorities and security related companies and use public certificates on USB memory and portable storage devices rather than on the user's desktop. Despite these efforts, the hacking of the certificate has been continuously occurring and the financial damage has been continuing. Also, for security reasons, our military has disabled USB to general military users. Therefore, this study proposes a two-factor method using the unique information of the USB memory and the PC which is owned by the user, and suggests a method of managing the private key file secure to the general user. Furthermore, it will be applied to national defense to contribute to the prevention of important data and prevention of access by unauthorized persons.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.18 no.5
• /
• pp.17-23
• /
• 2018

The rapid development of mobile technology has increased the use of mobile devices, and the possibility of security incidents is also increasing. The leakage of information through photos is the most representative. Previous methods for preventing this are disadvantageous in that they can not take pictures for other purposes. In this paper, we design and implement a system to prevent information leakage through photos using object recognition and beacon. The system inspects pictures through object recognition based on deep learning and verifies whether security policies are violated. In addition, the location of the mobile device is identified through the beacon and the appropriate rules are applied. Web applications for administrator allow you to set rules for taking photos by location. As soon as a user takes a photo, they apply appropriate rules to the location to automatically detect photos that do not conform to security policies.

• Journal of Digital Convergence
• /
• v.10 no.6
• /
• pp.341-347
• /
• 2012

Network Access Control system of medical asset protection solutions that installation and operation on system and network to provide a process that to access internal network after verifying the safety of information communication devices. However, there are still the internal medical-data leakage threats due to spoof of authorized devices and unauthorized using of users are away hours. In this paper, Network 2-Factor Access Control Model proposed for prevention the medical-data leakage by improving the current Network Access Control system. The proposed Network 2-Factor Access Control Model allowed to access the internal network only actual users located in specific place within the organization and used authorized devices. Therefore, the proposed model to provide a safety medical asset environment that protecting medical-data by blocking unauthorized access to the internal network and unnecessary internet access of authorized users and devices.

• Convergence Security Journal
• /
• v.20 no.1
• /
• pp.85-92
• /
• 2020

None of the recent cases of military secret leakages have leaked internal information using networks. This is because the Internet and the Intranet are physically separated, and has a difficult process when transmitting and receiving data through the Internet. Therefore, most of the leaked paths are to copy and hand over secrets, shoot and send them with a smartphone, or disclose after remembering them. So, the technology of blocking and detecting military secret leakages through the network is not effective. The purpose of this research is to propose a method to prevent information leakage by focusing on the insider behaviors, the subject of leakage, rather than the military secret. The first is a preventive measure to prevent the leakage behavior of military secrets, the second is to block suspicious access to the military secret data, and the last is to detect the leakage behavior by insiders.

• Convergence Security Journal
• /
• v.15 no.5
• /
• pp.77-86
• /
• 2015

The organization shall minimize business risks associated with customer information leaks. Enhance information security activities through voluntary pre-check and must find a way to detect the personal information leakage caused by carelessness and neglect accident. Recently, many companies have introduced an information leakage prevention solution. However, there is a possibility of internal data leakage by the internal user who has permission to access the data. By this thread it is necessary to have the environment to analyze the habit and activity of the internal user. In this study, we use the SFI analytical technique that applies RFM model to evaluate the insider activity levels were carried out case studies is applied to the actual business.

• Korean Journal of Construction Engineering and Management
• /
• v.25 no.1
• /
• pp.42-49
• /
• 2024

In recent years, the construction industry has diligently focused on improving the quality and safety of buildings through smart technologies. However, there is a growing trend of leakage defects, especially in educational facilities, due to aging. The objective of this study is to analyze the causes of these defects in educational environments using the Fault Tree Analysis (FTA) technique and propose preventive measures based on the findings. The FTA technique is explained through a review of domestic literature, and data from the Educational Support Center from 2019 to 2021 are examined to identify major defects. The construction of the Fault Tree (FT) for leakage defects resulted in the identification of 12 basic events. Subsequently, a comprehensive understanding of the causes of leakage is achieved through FTA analysis, leading to the identification of the primary causes of defects. Leakage defects accounted for 46.8% of all reported issues in educational facilities, with roof (ceiling) leaks being the most common problem. FTA analysis revealed that poor substrate treatment was the main cause of roof (ceiling) leaks, which could be attributed to cracks in the waterproof layer, joint cracks, and microvoids in the waterproof layer. The primary achievement of this research is to provide essential data for preventing leakage defects in educational facilities and developing preventive measures through the FTA technique. These results are expected to significantly enhance the management of educational facilities and the prevention of leakage issues.